diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml
index 26b03113..18a63900 100644
--- a/charts/nextcloud/Chart.yaml
+++ b/charts/nextcloud/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v2
name: nextcloud
-version: 4.5.2
+version: 4.5.3
appVersion: 27.1.3
description: A file sharing server that puts the control and security of your own data back into your hands.
keywords:
diff --git a/charts/nextcloud/files/defaultConfigs/.htaccess.gotmpl b/charts/nextcloud/files/defaultConfigs/.htaccess.gotmpl
new file mode 100644
index 00000000..ede437c9
--- /dev/null
+++ b/charts/nextcloud/files/defaultConfigs/.htaccess.gotmpl
@@ -0,0 +1,12 @@
+# line below if for Apache 2.4
+
+Require all denied
+
+# line below if for Apache 2.2
+
+deny from all
+
+# section for Apache 2.2 and 2.4
+
+IndexIgnore *
+
diff --git a/charts/nextcloud/files/defaultConfigs/apache-pretty-urls.config.php.gotmpl b/charts/nextcloud/files/defaultConfigs/apache-pretty-urls.config.php.gotmpl
new file mode 100644
index 00000000..72da1d8c
--- /dev/null
+++ b/charts/nextcloud/files/defaultConfigs/apache-pretty-urls.config.php.gotmpl
@@ -0,0 +1,4 @@
+ '/',
+);
diff --git a/charts/nextcloud/files/defaultConfigs/apcu.config.php.gotmpl b/charts/nextcloud/files/defaultConfigs/apcu.config.php.gotmpl
new file mode 100644
index 00000000..69fed876
--- /dev/null
+++ b/charts/nextcloud/files/defaultConfigs/apcu.config.php.gotmpl
@@ -0,0 +1,4 @@
+ '\OC\Memcache\APCu',
+);
diff --git a/charts/nextcloud/files/defaultConfigs/apps.config.php.gotmpl b/charts/nextcloud/files/defaultConfigs/apps.config.php.gotmpl
new file mode 100644
index 00000000..a4bed833
--- /dev/null
+++ b/charts/nextcloud/files/defaultConfigs/apps.config.php.gotmpl
@@ -0,0 +1,15 @@
+ array (
+ 0 => array (
+ "path" => OC::$SERVERROOT."/apps",
+ "url" => "/apps",
+ "writable" => false,
+ ),
+ 1 => array (
+ "path" => OC::$SERVERROOT."/custom_apps",
+ "url" => "/custom_apps",
+ "writable" => true,
+ ),
+ ),
+);
diff --git a/charts/nextcloud/files/defaultConfigs/autoconfig.php.gotmpl b/charts/nextcloud/files/defaultConfigs/autoconfig.php.gotmpl
new file mode 100644
index 00000000..c9063501
--- /dev/null
+++ b/charts/nextcloud/files/defaultConfigs/autoconfig.php.gotmpl
@@ -0,0 +1,24 @@
+ '\OC\Memcache\Redis',
+ 'memcache.locking' => '\OC\Memcache\Redis',
+ 'redis' => array(
+ 'host' => getenv('REDIS_HOST'),
+ 'port' => getenv('REDIS_HOST_PORT') ?: 6379,
+ {{- if .Values.redis.auth.enabled }}
+ 'password' => getenv('REDIS_HOST_PASSWORD'),
+ {{- end }}
+ ),
+ );
+}
diff --git a/charts/nextcloud/files/defaultConfigs/smtp.config.php.gotmpl b/charts/nextcloud/files/defaultConfigs/smtp.config.php.gotmpl
new file mode 100644
index 00000000..59f1eaa1
--- /dev/null
+++ b/charts/nextcloud/files/defaultConfigs/smtp.config.php.gotmpl
@@ -0,0 +1,15 @@
+ 'smtp',
+ 'mail_smtphost' => getenv('SMTP_HOST'),
+ 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
+ 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
+ 'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'),
+ 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
+ 'mail_smtpname' => getenv('SMTP_NAME') ?: '',
+ 'mail_smtppassword' => getenv('SMTP_PASSWORD') ?: '',
+ 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
+ 'mail_domain' => getenv('MAIL_DOMAIN'),
+ );
+}
diff --git a/charts/nextcloud/files/nginx.config.gotmpl b/charts/nextcloud/files/nginx.config.gotmpl
new file mode 100644
index 00000000..8bb687e4
--- /dev/null
+++ b/charts/nextcloud/files/nginx.config.gotmpl
@@ -0,0 +1,161 @@
+worker_processes auto;
+
+error_log /var/log/nginx/error.log warn;
+pid /tmp/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ keepalive_timeout 65;
+
+ #gzip on;
+
+ upstream php-handler {
+ server 127.0.0.1:9000;
+ }
+
+ server {
+ listen {{ .Values.nginx.containerPort }};
+
+ # HSTS settings
+ # WARNING: Only add the preload option once you read about
+ # the consequences in https://hstspreload.org/. This option
+ # will add the domain to a hardcoded list that is shipped
+ # in all major browsers and getting removed from this list
+ # could take several months.
+ #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
+
+ # set max upload size
+ client_max_body_size 10G;
+ fastcgi_buffers 64 4K;
+
+ # Enable gzip but do not remove ETag headers
+ gzip on;
+ gzip_vary on;
+ gzip_comp_level 4;
+ gzip_min_length 256;
+ gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+ gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+
+ # Pagespeed is not supported by Nextcloud, so if your server is built
+ # with the `ngx_pagespeed` module, uncomment this line to disable it.
+ #pagespeed off;
+
+ # HTTP response headers borrowed from Nextcloud `.htaccess`
+ add_header Referrer-Policy "no-referrer" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-Download-Options "noopen" always;
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-Permitted-Cross-Domain-Policies "none" always;
+ add_header X-Robots-Tag "noindex, nofollow" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+
+ # Remove X-Powered-By, which is an information leak
+ fastcgi_hide_header X-Powered-By;
+
+ # Path to the root of your installation
+ root /var/www/html;
+
+ # Specify how to handle directories -- specifying `/index.php$request_uri`
+ # here as the fallback means that Nginx always exhibits the desired behaviour
+ # when a client requests a path that corresponds to a directory that exists
+ # on the server. In particular, if that directory contains an index.php file,
+ # that file is correctly served; if it doesn't, then the request is passed to
+ # the front-end controller. This consistent behaviour means that we don't need
+ # to specify custom rules for certain paths (e.g. images and other assets,
+ # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
+ # `try_files $uri $uri/ /index.php$request_uri`
+ # always provides the desired behaviour.
+ index index.php index.html /index.php$request_uri;
+
+ # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
+ location = / {
+ if ( $http_user_agent ~ ^DavClnt ) {
+ return 302 /remote.php/webdav/$is_args$args;
+ }
+ }
+
+ location = /robots.txt {
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ # Make a regex exception for `/.well-known` so that clients can still
+ # access it despite the existence of the regex rule
+ # `location ~ /(\.|autotest|...)` which would otherwise handle requests
+ # for `/.well-known`.
+ location ^~ /.well-known {
+ # The following 6 rules are borrowed from `.htaccess`
+
+ location = /.well-known/carddav { return 301 /remote.php/dav/; }
+ location = /.well-known/caldav { return 301 /remote.php/dav/; }
+ # Anything else is dynamically handled by Nextcloud
+ location ^~ /.well-known { return 301 /index.php$uri; }
+
+ try_files $uri $uri/ =404;
+ }
+
+ # Rules borrowed from `.htaccess` to hide certain paths from clients
+ location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
+ location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
+
+ # Ensure this block, which passes PHP files to the PHP process, is above the blocks
+ # which handle static assets (as seen below). If this block is not declared first,
+ # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
+ # to the URI, resulting in a HTTP 500 error response.
+ location ~ \.php(?:$|/) {
+ # Required for legacy support
+ rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
+
+ fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+ set $path_info $fastcgi_path_info;
+
+ try_files $fastcgi_script_name =404;
+
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO $path_info;
+ #fastcgi_param HTTPS on;
+
+ fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
+ fastcgi_param front_controller_active true; # Enable pretty urls
+ fastcgi_pass php-handler;
+
+ fastcgi_intercept_errors on;
+ fastcgi_request_buffering off;
+ }
+
+ location ~ \.(?:css|js|svg|gif)$ {
+ try_files $uri /index.php$request_uri;
+ expires 6M; # Cache-Control policy borrowed from `.htaccess`
+ access_log off; # Optional: Don't log access to assets
+ }
+
+ location ~ \.woff2?$ {
+ try_files $uri /index.php$request_uri;
+ expires 7d; # Cache-Control policy borrowed from `.htaccess`
+ access_log off; # Optional: Don't log access to assets
+ }
+
+ location / {
+ try_files $uri $uri/ /index.php$request_uri;
+ }
+ }
+}
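Review bot: The `listen` directive at the top of the `server` block loses the fallback the inline template had. The removed `nginx.conf` define in templates/nginx-config.yaml rendered `listen {{ .Values.nginx.containerPort | default "80" }};`, while this file renders `listen {{ .Values.nginx.containerPort }};`. values.yaml is not part of this diff, so whether it always supplies a port is not visible here; if a release leaves `nginx.containerPort` unset, the directive renders without a port and nginx should reject the configuration at start-up. Keeping `| default "80"` on that line preserves the previous behaviour.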
diff --git a/charts/nextcloud/templates/config.yaml b/charts/nextcloud/templates/config.yaml
index a6a7cb4c..d5616f06 100644
--- a/charts/nextcloud/templates/config.yaml
+++ b/charts/nextcloud/templates/config.yaml
@@ -9,119 +9,14 @@ metadata:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
data:
- {{- range $key, $value := .Values.nextcloud.configs }}
- {{ $key }}: |-
- {{- $value | nindent 4 }}
+ {{- range $filename, $content := .Values.nextcloud.configs }}
+ {{ $filename }}: |-
+ {{- $content | nindent 4 }}
{{- end }}
- {{- if .Values.nextcloud.defaultConfigs }}
- {{- if index .Values.nextcloud.defaultConfigs ".htaccess" }}
- .htaccess: |-
- # line below if for Apache 2.4
-
- Require all denied
-
- # line below if for Apache 2.2
-
- deny from all
-
- # section for Apache 2.2 and 2.4
-
- IndexIgnore *
-
+ {{- range $filename, $enabled := .Values.nextcloud.defaultConfigs }}
+ {{- if $enabled }}
+ {{ $filename }}: |-
+ {{- tpl ($.Files.Get (printf "files/defaultConfigs/%s.gotmpl" $filename)) $ | nindent 4 }}
{{- end }}
- {{- if index .Values.nextcloud.defaultConfigs "redis.config.php" }}
- redis.config.php: |-
- '\OC\Memcache\Redis',
- 'memcache.locking' => '\OC\Memcache\Redis',
- 'redis' => array(
- 'host' => getenv('REDIS_HOST'),
- 'port' => getenv('REDIS_HOST_PORT') ?: 6379,
- {{- if .Values.redis.auth.enabled }}
- 'password' => getenv('REDIS_HOST_PASSWORD'),
- {{- end }}
- ),
- );
- }
{{- end }}
- {{- if index .Values.nextcloud.defaultConfigs "apache-pretty-urls.config.php" }}
- apache-pretty-urls.config.php: |-
- '/',
- );
- {{- end }}
- {{- if index .Values.nextcloud.defaultConfigs "apcu.config.php" }}
- apcu.config.php: |-
- '\OC\Memcache\APCu',
- );
- {{- end }}
- {{- if index .Values.nextcloud.defaultConfigs "apps.config.php" }}
- apps.config.php: |-
- array (
- 0 => array (
- "path" => OC::$SERVERROOT."/apps",
- "url" => "/apps",
- "writable" => false,
- ),
- 1 => array (
- "path" => OC::$SERVERROOT."/custom_apps",
- "url" => "/custom_apps",
- "writable" => true,
- ),
- ),
- );
- {{- end }}
- {{- if index .Values.nextcloud.defaultConfigs "autoconfig.php" }}
- autoconfig.php: |-
- 'smtp',
- 'mail_smtphost' => getenv('SMTP_HOST'),
- 'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
- 'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
- 'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'),
- 'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
- 'mail_smtpname' => getenv('SMTP_NAME') ?: '',
- 'mail_smtppassword' => getenv('SMTP_PASSWORD') ?: '',
- 'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
- 'mail_domain' => getenv('MAIL_DOMAIN'),
- );
- }
- {{- end }}
- {{- end }}{{/* end-if defaultConfigs */}}
- {{- end }}{{/* end-if configs */}}
+{{- end }}{{/* end-if configs */}}
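Review bot: An enabled key under `nextcloud.defaultConfigs` that has no matching file in `files/defaultConfigs/` now produces an empty ConfigMap entry instead of a render error. `$.Files.Get` returns an empty string for a path it cannot find, and the loop emits `{{ $filename }}: |-` regardless. The removed code only emitted the six names it knew, so a misspelled or stale key was simply ignored. Failing the render makes the mistake visible before an empty config file is mounted: `{{- tpl (required (printf "no default config template for %s" $filename) ($.Files.Get (printf "files/defaultConfigs/%s.gotmpl" $filename))) $ | nindent 4 }}`. The enclosing `if` opens above this hunk, so only the loop is reviewed here.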
diff --git a/charts/nextcloud/templates/db-secret.yaml b/charts/nextcloud/templates/db-secret.yaml
index dcc3129a..491c460d 100644
--- a/charts/nextcloud/templates/db-secret.yaml
+++ b/charts/nextcloud/templates/db-secret.yaml
@@ -1,5 +1,6 @@
{{- if or .Values.mariadb.enabled .Values.externalDatabase.enabled .Values.postgresql.enabled }}
{{- if not .Values.externalDatabase.existingSecret.enabled }}
+---
apiVersion: v1
kind: Secret
metadata:
diff --git a/charts/nextcloud/templates/hpa.yaml b/charts/nextcloud/templates/hpa.yaml
index 52a30043..21d51d62 100644
--- a/charts/nextcloud/templates/hpa.yaml
+++ b/charts/nextcloud/templates/hpa.yaml
@@ -1,4 +1,5 @@
{{- if .Values.hpa.enabled -}}
+---
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
@@ -14,7 +15,9 @@ spec:
kind: Deployment
apiVersion: apps/v1
name: {{ template "nextcloud.fullname" . }}
- minReplicas: {{ .Values.hpa.minPods }}
- maxReplicas: {{ .Values.hpa.maxPods }}
- targetCPUUtilizationPercentage: {{ .Values.hpa.cputhreshold }}
-{{- end }}
\ No newline at end of file
+ {{- with .Values.hpa }}
+ minReplicas: {{ .minPods }}
+ maxReplicas: {{ .maxPods }}
+ targetCPUUtilizationPercentage: {{ .cputhreshold }}
+ {{- end }}
+{{- end }}
diff --git a/charts/nextcloud/templates/ingress.yaml b/charts/nextcloud/templates/ingress.yaml
index 9f93c2e8..1d83a437 100644
--- a/charts/nextcloud/templates/ingress.yaml
+++ b/charts/nextcloud/templates/ingress.yaml
@@ -1,4 +1,5 @@
{{- if .Values.ingress.enabled }}
+---
apiVersion: {{ include "nextcloud.ingress.apiVersion" . }}
kind: Ingress
metadata:
@@ -9,27 +10,27 @@ metadata:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/component: app
-{{- if .Values.ingress.labels }}
-{{ toYaml .Values.ingress.labels | indent 4 }}
-{{- end }}
-{{- if .Values.ingress.annotations }}
+ {{- with .Values.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.ingress.annotations }}
annotations:
-{{ toYaml .Values.ingress.annotations | indent 4 }}
-{{- end }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
spec:
- {{- if .Values.ingress.className }}
- ingressClassName: {{ .Values.ingress.className }}
+ {{- with .Values.ingress.className }}
+ ingressClassName: {{ . }}
{{- end }}
rules:
- host: {{ .Values.nextcloud.host }}
http:
paths:
- path: {{ .Values.ingress.path }}
- {{- if eq (include "nextcloud.ingress.apiVersion" $) "networking.k8s.io/v1" }}
+ {{- if (eq (include "nextcloud.ingress.apiVersion" $) "networking.k8s.io/v1") }}
pathType: {{ .Values.ingress.pathType }}
{{- end }}
backend:
- {{- if eq (include "nextcloud.ingress.apiVersion" $) "networking.k8s.io/v1" }}
+ {{- if (eq (include "nextcloud.ingress.apiVersion" $) "networking.k8s.io/v1") }}
service:
name: {{ template "nextcloud.fullname" . }}
port:
@@ -38,8 +39,8 @@ spec:
serviceName: {{ template "nextcloud.fullname" . }}
servicePort: {{ .Values.service.port }}
{{- end }}
-{{- if .Values.ingress.tls }}
+ {{- with .Values.ingress.tls }}
tls:
-{{ toYaml .Values.ingress.tls | indent 4 }}
-{{- end -}}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
{{- end }}
diff --git a/charts/nextcloud/templates/metrics-deployment.yaml b/charts/nextcloud/templates/metrics/deployment.yaml
similarity index 86%
rename from charts/nextcloud/templates/metrics-deployment.yaml
rename to charts/nextcloud/templates/metrics/deployment.yaml
index ea30e918..74198b6d 100644
--- a/charts/nextcloud/templates/metrics-deployment.yaml
+++ b/charts/nextcloud/templates/metrics/deployment.yaml
@@ -1,4 +1,5 @@
{{- if .Values.metrics.enabled }}
+---
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -18,20 +19,21 @@ spec:
app.kubernetes.io/component: metrics
template:
metadata:
- annotations: {{- toYaml .Values.metrics.podAnnotations | nindent 8 }}
+ annotations:
+ {{- toYaml .Values.metrics.podAnnotations | nindent 8 }}
labels:
app.kubernetes.io/name: {{ include "nextcloud.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/component: metrics
- {{- if .Values.metrics.podLabels }}
-{{ toYaml .Values.metrics.podLabels | indent 8 }}
- {{- end }}
+ {{- with .Values.metrics.podLabels }}
+ {{- toYaml . | indent 8 }}
+ {{- end }}
spec:
- {{- if .Values.metrics.image.pullSecrets }}
+ {{- with .Values.metrics.image.pullSecrets }}
imagePullSecrets:
- {{- range .Values.metrics.image.pullSecrets }}
+ {{- range . }}
- name: {{ . }}
- {{- end}}
+ {{- end}}
{{- end }}
containers:
- name: metrics-exporter
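Review bot: The `podLabels` block pairs a left-trimming action with `indent`, which breaks the rendered labels map. `{{- toYaml . | indent 8 }}` strips the newline in front of it and `indent` does not put one back, so the first pod label is appended to the end of the `app.kubernetes.io/component: metrics` line. The other converted blocks in this commit use `nindent`; this one should read `{{- toYaml . | nindent 8 }}`. The spacing in `{{- end}}` a few lines below could be normalised to `{{- end }}` at the same time.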
@@ -66,8 +68,9 @@ spec:
ports:
- name: metrics
containerPort: 9205
- {{- if .Values.metrics.resources }}
- resources: {{- toYaml .Values.metrics.resources | nindent 10 }}
+ {{- with .Values.metrics.resources }}
+ resources:
+ {{- toYaml . | nindent 10 }}
{{- end }}
securityContext:
runAsUser: 1000
diff --git a/charts/nextcloud/templates/metrics-service.yaml b/charts/nextcloud/templates/metrics/service.yaml
similarity index 66%
rename from charts/nextcloud/templates/metrics-service.yaml
rename to charts/nextcloud/templates/metrics/service.yaml
index 1d287451..b2f01040 100644
--- a/charts/nextcloud/templates/metrics-service.yaml
+++ b/charts/nextcloud/templates/metrics/service.yaml
@@ -1,4 +1,5 @@
{{- if .Values.metrics.enabled }}
+---
apiVersion: v1
kind: Service
metadata:
@@ -9,18 +10,18 @@ metadata:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/component: metrics
- {{- if .Values.metrics.service.labels -}}
- {{ toYaml .Values.metrics.service.labels | nindent 4 }}
- {{- end -}}
- {{- if .Values.metrics.service.annotations }}
- annotations: {{ toYaml .Values.metrics.service.annotations | nindent 4 }}
+ {{- with .Values.metrics.service.labels }}
+ {{- toYaml .Values.metrics.service.labels | nindent 4 }}
+ {{- end }}
+ {{- with .Values.metrics.service.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.metrics.service.type }}
- {{ if eq .Values.metrics.service.type "LoadBalancer" -}} {{ if .Values.metrics.service.loadBalancerIP }}
+ {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }}
- {{ end -}}
- {{- end -}}
+ {{- end }}
ports:
- name: metrics
port: 9205
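Review bot: Inside `{{- with .Values.metrics.service.labels }}` the dot is rebound to the labels map, so `toYaml .Values.metrics.service.labels` on the next line no longer resolves against the root context. Rendering will most likely fail with a nil-pointer error as soon as labels are set. Use `{{- toYaml . | nindent 4 }}`, as the annotations block just below does, or `$.Values.metrics.service.labels` if the full path is preferred. The same pattern appears in templates/metrics/servicemonitor.yaml (under `with .Values.metrics.serviceMonitor.labels`) and in templates/nextcloud-data-pvc.yaml (under `with .Values.persistence.nextcloudData.annotations`).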
diff --git a/charts/nextcloud/templates/metrics-servicemonitor.yaml b/charts/nextcloud/templates/metrics/servicemonitor.yaml
similarity index 66%
rename from charts/nextcloud/templates/metrics-servicemonitor.yaml
rename to charts/nextcloud/templates/metrics/servicemonitor.yaml
index e007784c..4994bb9d 100644
--- a/charts/nextcloud/templates/metrics-servicemonitor.yaml
+++ b/charts/nextcloud/templates/metrics/servicemonitor.yaml
@@ -1,10 +1,11 @@
{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }}
+---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "nextcloud.fullname" . }}
- {{- if .Values.metrics.serviceMonitor.namespace }}
- namespace: {{ .Values.metrics.serviceMonitor.namespace | quote }}
+ {{- with .Values.metrics.serviceMonitor.namespace }}
+ namespace: {{ . | quote }}
{{- else }}
namespace: {{ .Release.Namespace | quote }}
{{- end }}
@@ -14,8 +15,8 @@ metadata:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/component: metrics
- {{- if .Values.metrics.serviceMonitor.labels -}}
- {{ toYaml .Values.metrics.serviceMonitor.labels | nindent 4 }}
+ {{- with .Values.metrics.serviceMonitor.labels }}
+ {{- toYaml .Values.metrics.serviceMonitor.labels | nindent 4 }}
{{- end }}
spec:
jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel | quote }}
@@ -30,10 +31,10 @@ spec:
endpoints:
- port: metrics
path: "/"
- {{- if .Values.metrics.serviceMonitor.interval }}
- interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- with .Values.metrics.serviceMonitor.interval }}
+ interval: {{ . }}
{{- end }}
- {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
- scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- with .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ . }}
{{- end }}
{{- end }}
diff --git a/charts/nextcloud/templates/nextcloud-data-pvc.yaml b/charts/nextcloud/templates/nextcloud-data-pvc.yaml
index 7c2febc3..a8efca56 100644
--- a/charts/nextcloud/templates/nextcloud-data-pvc.yaml
+++ b/charts/nextcloud/templates/nextcloud-data-pvc.yaml
@@ -1,5 +1,5 @@
-{{- if and .Values.persistence.enabled .Values.persistence.nextcloudData.enabled -}}
-{{- if not .Values.persistence.nextcloudData.existingClaim -}}
+{{- if and .Values.persistence.enabled .Values.persistence.nextcloudData.enabled (not .Values.persistence.nextcloudData.existingClaim) }}
+---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
@@ -10,22 +10,21 @@ metadata:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/component: app
-{{- if .Values.persistence.nextcloudData.annotations }}
+ {{- with .Values.persistence.nextcloudData.annotations }}
annotations:
-{{ toYaml .Values.persistence.nextcloudData.annotations | indent 4 }}
-{{- end }}
+ {{- toYaml .Values.persistence.nextcloudData.annotations | nindent 4 }}
+ {{- end }}
spec:
accessModes:
- {{ .Values.persistence.nextcloudData.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.nextcloudData.size | quote }}
-{{- if .Values.persistence.nextcloudData.storageClass }}
-{{- if (eq "-" .Values.persistence.nextcloudData.storageClass) }}
+ {{- with .Values.persistence.nextcloudData.storageClass }}
+ {{- if (eq "-" .) }}
storageClassName: ""
-{{- else }}
- storageClassName: "{{ .Values.persistence.nextcloudData.storageClass }}"
-{{- end }}
+ {{- else }}
+ storageClassName: "{{ . }}"
+ {{- end }}
+ {{- end }}
{{- end }}
-{{- end -}}
-{{- end -}}
diff --git a/charts/nextcloud/templates/nextcloud-pvc.yaml b/charts/nextcloud/templates/nextcloud-pvc.yaml
index 8c1789af..6bdd620b 100644
--- a/charts/nextcloud/templates/nextcloud-pvc.yaml
+++ b/charts/nextcloud/templates/nextcloud-pvc.yaml
@@ -1,5 +1,4 @@
-{{- if .Values.persistence.enabled -}}
-{{- if not .Values.persistence.existingClaim -}}
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
@@ -10,22 +9,21 @@ metadata:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/component: app
-{{- if .Values.persistence.annotations }}
+ {{- with .Values.persistence.annotations }}
annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
spec:
accessModes:
- {{ .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
-{{- if .Values.persistence.storageClass }}
-{{- if (eq "-" .Values.persistence.storageClass) }}
+ {{- with .Values.persistence.storageClass }}
+ {{- if (eq "-" .) }}
storageClassName: ""
-{{- else }}
- storageClassName: "{{ .Values.persistence.storageClass }}"
-{{- end }}
+ {{- else }}
+ storageClassName: "{{ . }}"
+ {{- end }}
+ {{- end }}
{{- end }}
-{{- end -}}
-{{- end -}}
diff --git a/charts/nextcloud/templates/nginx-config.yaml b/charts/nextcloud/templates/nginx-config.yaml
index 973aadeb..b200747f 100644
--- a/charts/nextcloud/templates/nginx-config.yaml
+++ b/charts/nextcloud/templates/nginx-config.yaml
@@ -1,168 +1,5 @@
-{{- define "nginx.conf" }}
- worker_processes auto;
-
- error_log /var/log/nginx/error.log warn;
- pid /tmp/nginx.pid;
-
-
- events {
- worker_connections 1024;
- }
-
-
- http {
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
-
- log_format main '$remote_addr - $remote_user [$time_local] "$request" '
- '$status $body_bytes_sent "$http_referer" '
- '"$http_user_agent" "$http_x_forwarded_for"';
-
- access_log /var/log/nginx/access.log main;
-
- sendfile on;
- #tcp_nopush on;
-
- keepalive_timeout 65;
-
- #gzip on;
-
- upstream php-handler {
- server 127.0.0.1:9000;
- }
-
- server {
- listen {{ .Values.nginx.containerPort | default "80" }};
-
- # HSTS settings
- # WARNING: Only add the preload option once you read about
- # the consequences in https://hstspreload.org/. This option
- # will add the domain to a hardcoded list that is shipped
- # in all major browsers and getting removed from this list
- # could take several months.
- #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
-
- # set max upload size
- client_max_body_size 10G;
- fastcgi_buffers 64 4K;
-
- # Enable gzip but do not remove ETag headers
- gzip on;
- gzip_vary on;
- gzip_comp_level 4;
- gzip_min_length 256;
- gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
- gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
-
- # Pagespeed is not supported by Nextcloud, so if your server is built
- # with the `ngx_pagespeed` module, uncomment this line to disable it.
- #pagespeed off;
-
- # HTTP response headers borrowed from Nextcloud `.htaccess`
- add_header Referrer-Policy "no-referrer" always;
- add_header X-Content-Type-Options "nosniff" always;
- add_header X-Download-Options "noopen" always;
- add_header X-Frame-Options "SAMEORIGIN" always;
- add_header X-Permitted-Cross-Domain-Policies "none" always;
- add_header X-Robots-Tag "noindex, nofollow" always;
- add_header X-XSS-Protection "1; mode=block" always;
-
- # Remove X-Powered-By, which is an information leak
- fastcgi_hide_header X-Powered-By;
-
- # Path to the root of your installation
- root /var/www/html;
-
- # Specify how to handle directories -- specifying `/index.php$request_uri`
- # here as the fallback means that Nginx always exhibits the desired behaviour
- # when a client requests a path that corresponds to a directory that exists
- # on the server. In particular, if that directory contains an index.php file,
- # that file is correctly served; if it doesn't, then the request is passed to
- # the front-end controller. This consistent behaviour means that we don't need
- # to specify custom rules for certain paths (e.g. images and other assets,
- # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
- # `try_files $uri $uri/ /index.php$request_uri`
- # always provides the desired behaviour.
- index index.php index.html /index.php$request_uri;
-
- # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
- location = / {
- if ( $http_user_agent ~ ^DavClnt ) {
- return 302 /remote.php/webdav/$is_args$args;
- }
- }
-
- location = /robots.txt {
- allow all;
- log_not_found off;
- access_log off;
- }
-
- # Make a regex exception for `/.well-known` so that clients can still
- # access it despite the existence of the regex rule
- # `location ~ /(\.|autotest|...)` which would otherwise handle requests
- # for `/.well-known`.
- location ^~ /.well-known {
- # The following 6 rules are borrowed from `.htaccess`
-
- location = /.well-known/carddav { return 301 /remote.php/dav/; }
- location = /.well-known/caldav { return 301 /remote.php/dav/; }
- # Anything else is dynamically handled by Nextcloud
- location ^~ /.well-known { return 301 /index.php$uri; }
-
- try_files $uri $uri/ =404;
- }
-
- # Rules borrowed from `.htaccess` to hide certain paths from clients
- location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
- location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
-
- # Ensure this block, which passes PHP files to the PHP process, is above the blocks
- # which handle static assets (as seen below). If this block is not declared first,
- # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
- # to the URI, resulting in a HTTP 500 error response.
- location ~ \.php(?:$|/) {
- # Required for legacy support
- rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
-
- fastcgi_split_path_info ^(.+?\.php)(/.*)$;
- set $path_info $fastcgi_path_info;
-
- try_files $fastcgi_script_name =404;
-
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- fastcgi_param PATH_INFO $path_info;
- #fastcgi_param HTTPS on;
-
- fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
- fastcgi_param front_controller_active true; # Enable pretty urls
- fastcgi_pass php-handler;
-
- fastcgi_intercept_errors on;
- fastcgi_request_buffering off;
- }
-
- location ~ \.(?:css|js|svg|gif)$ {
- try_files $uri /index.php$request_uri;
- expires 6M; # Cache-Control policy borrowed from `.htaccess`
- access_log off; # Optional: Don't log access to assets
- }
-
- location ~ \.woff2?$ {
- try_files $uri /index.php$request_uri;
- expires 7d; # Cache-Control policy borrowed from `.htaccess`
- access_log off; # Optional: Don't log access to assets
- }
-
- location / {
- try_files $uri $uri/ /index.php$request_uri;
- }
- }
- }
-{{- end }}
-
{{- if .Values.nginx.enabled -}}
+---
apiVersion: v1
kind: ConfigMap
metadata:
@@ -174,9 +11,9 @@ metadata:
app.kubernetes.io/managed-by: {{ .Release.Service }}
data:
nginx.conf: |-
-{{- if .Values.nginx.config.default }}
- {{- template "nginx.conf" $ }}
-{{- else }}
-{{ .Values.nginx.config.custom | indent 4 }}
-{{- end }}
+ {{- if .Values.nginx.config.default }}
+ {{- tpl (.Files.Get "files/nginx.config.gotmpl") . | nindent 4 }}
+ {{- else }}
+ {{- .Values.nginx.config.custom | nindent 4 }}
+ {{- end }}
{{- end }}
diff --git a/charts/nextcloud/templates/php-config.yaml b/charts/nextcloud/templates/php-config.yaml
index 3ff9e95a..f12aac37 100644
--- a/charts/nextcloud/templates/php-config.yaml
+++ b/charts/nextcloud/templates/php-config.yaml
@@ -1,4 +1,5 @@
{{- if .Values.nextcloud.phpConfigs -}}
+---
apiVersion: v1
kind: ConfigMap
metadata:
@@ -11,6 +12,6 @@ metadata:
data:
{{- range $key, $value := .Values.nextcloud.phpConfigs }}
{{ $key }}: |-
-{{ $value | indent 4 }}
+ {{- $value | nindent 4 }}
{{- end }}
{{- end }}
diff --git a/charts/nextcloud/templates/rbac.yaml b/charts/nextcloud/templates/rbac.yaml
index 6a1c9fab..5b4e0a55 100644
--- a/charts/nextcloud/templates/rbac.yaml
+++ b/charts/nextcloud/templates/rbac.yaml
@@ -1,18 +1,19 @@
{{- if .Values.rbac.enabled }}
+---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "nextcloud.fullname" . }}-privileged
namespace: {{ .Release.Namespace }}
rules:
-- apiGroups:
- - extensions
- resourceNames:
- - privileged
- resources:
- - podsecuritypolicies
- verbs:
- - use
+ - apiGroups:
+ - extensions
+ resourceNames:
+ - privileged
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
diff --git a/charts/nextcloud/templates/secrets.yaml b/charts/nextcloud/templates/secrets.yaml
index fab8c2c1..9b3ed4f9 100644
--- a/charts/nextcloud/templates/secrets.yaml
+++ b/charts/nextcloud/templates/secrets.yaml
@@ -1,4 +1,5 @@
{{- if not .Values.nextcloud.existingSecret.enabled }}
+---
apiVersion: v1
kind: Secret
metadata:
@@ -11,19 +12,19 @@ metadata:
type: Opaque
data:
nextcloud-username: {{ .Values.nextcloud.username | b64enc | quote }}
- {{- if .Values.nextcloud.password }}
- nextcloud-password: {{ .Values.nextcloud.password | b64enc | quote }}
+ {{- with .Values.nextcloud.password }}
+ nextcloud-password: {{ . | b64enc | quote }}
{{- else }}
nextcloud-password: {{ randAlphaNum 10 | b64enc | quote }}
{{- end }}
- {{- if .Values.metrics.token }}
- nextcloud-token: {{ .Values.metrics.token | b64enc | quote }}
+ {{- with .Values.metrics.token }}
+ nextcloud-token: {{ . | b64enc | quote }}
{{- else }}
nextcloud-token: {{ randAlphaNum 10 | b64enc | quote }}
{{- end }}
{{- if .Values.nextcloud.mail.enabled }}
- smtp-username: {{ default "" .Values.nextcloud.mail.smtp.name | b64enc | quote }}
- smtp-password: {{ default "" .Values.nextcloud.mail.smtp.password | b64enc | quote }}
- smtp-host: {{ default "" .Values.nextcloud.mail.smtp.host | b64enc | quote }}
+ smtp-username: {{ .Values.nextcloud.mail.smtp.name | default "" | b64enc | quote }}
+ smtp-password: {{ .Values.nextcloud.mail.smtp.password | default "" | b64enc | quote }}
+ smtp-host: {{ .Values.nextcloud.mail.smtp.host | default "" | b64enc | quote }}
{{- end }}
{{- end }}
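Review bot: The fallback credentials in the two `else` branches are short and not stable across renders: both `nextcloud-password` and `nextcloud-token` fall back to `randAlphaNum 10`. Ten alphanumeric characters is thin for an admin password and a metrics token. Because the expression is re-evaluated on every render, the stored value presumably changes on each upgrade unless something outside this hunk pins it. Consider a longer value such as `randAlphaNum 32`, and reusing the data of the existing Secret (for example via Helm's `lookup`) when one is already present, so that the Secret and the application do not drift apart.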
diff --git a/charts/nextcloud/templates/service.yaml b/charts/nextcloud/templates/service.yaml
index eb9fcd39..2526c291 100644
--- a/charts/nextcloud/templates/service.yaml
+++ b/charts/nextcloud/templates/service.yaml
@@ -1,3 +1,4 @@
+---
apiVersion: v1
kind: Service
metadata:
@@ -11,23 +12,23 @@ metadata:
spec:
type: {{ .Values.service.type }}
{{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerIP }}
- loadBalancerIP: {{ default "" .Values.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP | default "" }}
{{- end }}
- {{- if .Values.service.ipFamilies }}
+ {{- with .Values.service.ipFamilies }}
ipFamilies:
- {{- toYaml .Values.service.ipFamilies | nindent 4 }}
+ {{- toYaml . | nindent 4 }}
{{- end }}
- {{- if .Values.service.ipFamilyPolicy }}
- ipFamilyPolicy: {{ .Values.service.ipFamilyPolicy }}
+ {{- with .Values.service.ipFamilyPolicy }}
+ ipFamilyPolicy: {{ . }}
{{- end }}
ports:
- - port: {{ .Values.service.port }}
- targetPort: {{ .Values.nextcloud.containerPort }}
- protocol: TCP
- name: http
- {{- if eq .Values.service.type "NodePort" }}
- nodePort: {{ default "" .Values.service.nodePort}}
- {{- end }}
+ - port: {{ .Values.service.port }}
+ targetPort: {{ .Values.nextcloud.containerPort }}
+ protocol: TCP
+ name: http
+ {{- if (eq .Values.service.type "NodePort") }}
+ nodePort: {{ .Values.service.nodePort | default "" }}
+ {{- end }}
selector:
app.kubernetes.io/name: {{ include "nextcloud.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/charts/nextcloud/templates/serviceaccount.yaml b/charts/nextcloud/templates/serviceaccount.yaml
index ea8c0521..84989dc0 100644
--- a/charts/nextcloud/templates/serviceaccount.yaml
+++ b/charts/nextcloud/templates/serviceaccount.yaml
@@ -1,10 +1,11 @@
{{- if and .Values.rbac.enabled .Values.rbac.serviceaccount.create }}
+---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.rbac.serviceaccount.name }}
- {{- if .Values.rbac.serviceaccount.annotations }}
+ {{- with .Values.rbac.serviceaccount.annotations }}
annotations:
- {{- toYaml .Values.rbac.serviceaccount.annotations | nindent 4 }}
+ {{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}